cancel
Showing results for 
Search instead for 
Did you mean: 

Fragattacks

Fragattacks

dpanev
Contributor

Hey Guys,

are extreme ap’s infected of this open door? If so, is there a workaround or a hotfix coming?

 

Regards,

 

1 ACCEPTED SOLUTION

SamPirok
Community Manager Community Manager
Community Manager

Hi guys, thanks for the mention, I just posted our vulnerability notice regarding the FragAttacks here: 

 

Please let me know if you have additional questions and I’ll do my best to get you answers quickly. 

View solution in original post

23 REPLIES 23

markus_dach
New Contributor

Hi Sam, there is still no schedule for fixes on 38xx APs beside the 3805 model on the official vulnerability- notice page. When will patches for this series of APs (especially the 3825i/e series) be available?

SamPirok
Community Manager Community Manager
Community Manager

Hello all, thank you for your patience, our security team has updated the vulnerability notice today. Could you please let me know if the new additions address your questions? If not, please let me know and I’ll forward your questions on to the security team working on this. 

mfluechter
New Contributor

I’m a little bit confused that Extreme is still evaluating if some products are affected by these issues. Especially the older products like IdentiFi oder WLAN9100, which are still under service and for which they still receive money from customers for service and support…

Regarding https://www.fragattacks.com/ there was a 10 month disclosure period, managed by the WiFi-Alliance for manufacturers to test their equipment and produce patches. Extreme is Contributor in the WiFi-Alliance. So my colleagues, my boss and my customers, which are using these older stuff, and I are all asking ourselves one question: “What the hell did Extreme do in this period?”

Can someone from Extreme give me an official statement what had happened here exactly, that Extreme is still evaluating stuff and cannot give a clear statement if some products are affected by the CVEs? I mean, it’s not rocket science to test if a component is affected. The security engineer published a test-tool on GitHub. I’ve even tested my private equipment at home with it…

SamPirok
Community Manager Community Manager
Community Manager

Hey all, I’m told in the vulnerability notice that IdentiFi = ExtremeWireless. They are still working out whether or not ExtremeWireless products are affected by this issue. 

 

The release for 10.3r3 is currently scheduled for early to mid month this month, barring any unforeseen set backs before then. 

adrian_stewart
New Contributor

Is there a release date for IQ Engine 10.3r3 for Wave 1 and Wave 2 AC (AP230 & AP250)?

GTM-P2G8KFN